Netgate Discussion Forum

    DNS Override Issue

    DHCP and DNS
    • tamu

      I just moved from an ALIX machine to a J1900 both running the latest code.

      I set up DNS Resolver this time and I installed my DNS Overrides.  I created a real dyndns address override and a non-existent dyndns override.  In pfsense (Diagnostics/DNS Lookup) when I query both of these overrides the result is as expected of my internal/private overrides.

      When I do the query or nslookup from client machines (who have their DNS pointing to pfsense - I see pfsense as the server in the nslookup) the real dyndns address query returns the public IP.  It will not return the override.  The test/non-existent dyndns returns the override.

      I have flushed dns many times and started/stopped DNS Resolver.

      I'm at a loss as to what to check next.  Any help or tips would be greatly appreciated.  I tried DNS Forwarder as well (whose overrides worked fine on my ALIX machine) and had the same issues.  I'm sure I'm just overlooking something.

      Thanks!

      ---
      Just to follow up.  Just to verify, I disabled DNS Resolver again on the interface and re-enabled DNS Forwarder and rebuilt the overrides.  The same behavior is happening with both DNS methods.

      I'm using one of the physical OPT interfaces for this particular LAN segment, don't know if that changes the behavior.  I'm also having an issue with NAT reflection with port-rules on this interface.  Port forwards are fine from external networks, but not coming from OPT1.  I'm not sure if there is a relationship.  My old setup was WAN-DHCP and LAN+LAN(VLAN1010).  This seems fairly basic.

      WAN-DHCP
      LAN - 192.168.1.x
      OPT1 - 192.168.2.x
      OPT1(VLAN1010) - 172.22.22.x

      • johnpoz (LAYER 8 Global Moderator)

        Why don't you actually post the overrides you're creating and your query for said override?

        If you created a host override and you query for said override - that is what is going to be returned.  So either you did not create the override correctly or it did not take.  Did you restart unbound?  Or you're not doing the query to what you're thinking you're doing a query for.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • tamu

          Yeah, I agree a host override is not complicated but it is not cooperating on 2.3.4.  I did a reboot and several restarts of unbound.  I've switched back to DNS Forwarder for the time being for more testing.

          Here are a couple of samples

          hs3.ursula.com  -> host override 192.168.2.68
          mytest.dyndns.org -> host override 192.168.2.33

          From the Pfsense GUI - Diag/DNS Lookup Results for these two hosts:

          DNS Lookup
          Hostname  hs3.ursula.com

          Result Record type
          192.168.2.68 A

          Name server Query time
          127.0.0.1 13 msec
          208.67.222.222 16 msec
          208.67.220.220 133 msec
          8.8.8.8 18 msec

          Hostname mytest.dyndns.org

          Result Record type
          192.168.2.33 A

          Name server Query time
          127.0.0.1 13 msec
          208.67.222.222 13 msec
          208.67.220.220 15 msec
          8.8.8.8 15 msec

          From the client side (same results on different machines and OS types)
          The clients' only DNS server is the pfsense interface 192.168.2.254

          Wireless LAN adapter Wi-Fi:

          Connection-specific DNS Suffix  . : localdomain
            Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8260
            DHCP Enabled. . . . . . . . . . . : Yes
            IPv4 Address. . . . . . . . . . . : 192.168.2.193(Preferred)
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Lease Obtained. . . . . . . . . . : Sunday, July 9, 2017 2:28:20 PM
            Lease Expires . . . . . . . . . . : Sunday, July 9, 2017 5:57:58 PM
            Default Gateway . . . . . . . . . : 192.168.2.254
            DHCP Server . . . . . . . . . . . : 192.168.2.254
            DNS Servers . . . . . . . . . . . : 192.168.2.254

          C:\Users\xxxx>ipconfig /flushdns

          Windows IP Configuration

          Successfully flushed the DNS Resolver Cache.

          C:\Users\xxxx>nslookup
          254.2.168.192.in-addr.arpa
                  primary name server = localhost
                  responsible mail addr = nobody.invalid
                  serial  = 1
                  refresh = 600 (10 mins)
                  retry  = 1200 (20 mins)
                  expire  = 604800 (7 days)
                  default TTL = 10800 (3 hours)
          Default Server:  UnKnown
          Address:  192.168.2.254

          mytest.dyndns.org
          Server:  UnKnown
          Address:  192.168.2.254

          Name:    mytest.dyndns.org
          Address:  192.168.2.33

          hs3.ursula.com
          Server:  UnKnown
          Address:  192.168.2.254

          Non-authoritative answer:
          Name:    hs3.ursula.com
          Address:  72.18.128.8

          • tamu

            To your point, the clients are somehow resolving hostnames.  In DNS forwarder mode, I removed all DNS servers in the General DNS Settings Area. The DNS Override List is NOT checked.

            From pfsense I try to resolve getvera.com and as expected it did not resolve.  I go to an OS X client and verify that /etc/resolv.conf only lists the GW 192.168.2.254.

            I do an nslookup and getvera.com resolves to 104.25.200.22

            ---

            Very odd, this is an issue on a couple of clients with corporate control.  I kept on testing on other devices without GPO and behavior is exactly as expected and overrides work.  There must be some DNS servers installed before the DHCP-acquired one.

            thanks for your help

            • Derelict (LAYER 8 Netgate)

              PLEASE use a real tool like dig or drill to diagnose DNS problems, not windows nslookup. Something is giving the answers you are receiving and I see no way that is unbound.

              Having DNS overrides in place AND having DNS servers listed that do not contain said overrides is asking for trouble. You really have no control over which server is actually going to answer. If it's the public server, you'll get the public address. If it's the local server, you'll get the local address. That answer will likely be cached somewhere. Inconsistent results will ensue.

              And instead of this:

              Here are a couple of samples

              hs3.ursula.com  -> host override 192.168.2.68
              mytest.dyndns.org -> host override 192.168.2.33

              Please post screen shots so we can see what you have done not what you think you have done.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              • tamu

                Hi Derelict,

                Thanks for your post. As you pointed out it is not unbound or dnsmasq.  It was the DNS search list on a couple of the clients that was the issue.  With Wireshark you could see the DNS request from the client was appending the extra domain to the request.  As an easy workaround I just created an alias in the host override section.

                Thanks

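As an added example (not from the thread or from pfSense), a small Python model of the mechanism tamu found: unbound/dnsmasq match a host override against the exact QNAME that arrives on the wire, so a search suffix appended by the client's stub resolver misses the override and the query is forwarded upstream, while an alias override for the suffixed name restores the match. The suffix `corp.example`, the `ClientStub`/`LocalResolver` names and the upstream table are constructed assumptions.

```python
# Added example: why a client DNS search list can bypass a pfSense host override.
# Override lookup is an exact-QNAME match; the client decides which QNAME is sent.
# The suffix "corp.example" and the upstream table are constructed, not from the thread.
from dataclasses import dataclass


def canon(name: str) -> str:
    """Normalise a name the way a resolver compares it: lowercase, no trailing dot."""
    return name.rstrip(".").lower()


@dataclass
class LocalResolver:
    """pfSense-style resolver: host overrides are consulted first, else forward upstream."""
    overrides: dict
    upstream: dict  # stand-in for the public DNS view (constructed)

    def answer(self, qname: str):
        q = canon(qname)
        if q in self.overrides:
            return self.overrides[q], "override"
        return self.upstream.get(q), "upstream"  # None = no data / NXDOMAIN


@dataclass
class ClientStub:
    """Client stub resolver with a search list. append_to_multilabel mimics a policy
    that appends search suffixes even to names that already contain dots."""
    search: list
    append_to_multilabel: bool = False

    def wire_names(self, name: str) -> list:
        n = canon(name)
        if "." in n and not self.append_to_multilabel:
            return [n]                                   # literal name only
        return [f"{n}.{s}" for s in self.search] + [n]   # suffixed first, literal last


def trace(client: ClientStub, resolver: LocalResolver, name: str) -> list:
    """Every (qname on the wire, answer, source) the resolver would see for one lookup."""
    return [(q, *resolver.answer(q)) for q in client.wire_names(name)]


if __name__ == "__main__":
    ov = {"hs3.ursula.com": "192.168.2.68", "mytest.dyndns.org": "192.168.2.33"}
    r = LocalResolver(ov, {"hs3.ursula.com": "72.18.128.8"})
    for stub in (ClientStub(["corp.example"]), ClientStub(["corp.example"], True)):
        print(trace(stub, r, "hs3.ursula.com"))
    ov["hs3.ursula.com.corp.example"] = "192.168.2.68"   # tamu's alias workaround
    print(trace(ClientStub(["corp.example"], True), r, "hs3.ursula.com"))
```

Running it shows the suffixed QNAME reaching the resolver as an "upstream" query until the alias entry is added, which is the check Wireshark gave tamu: compare the QNAME on the wire with the override key, not the name typed at the prompt.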
                • Derelict (LAYER 8 Netgate)

                  So nothing to do with 2.3.4. OK.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.